Network services in a mesh network

ABSTRACT

A method including receiving, by a first device from a second device in a mesh network, a control command from the second device to control operation of a network resource device accessible by the first device, the control command being received via a meshnet connection between the first device and the second device; and transmitting, by the first device to the second device, operation information associated with operation of the network resource device in accordance with the control command, the operation information being transmitted via the meshnet connection. Various other aspects are contemplated.

CROSS REFERENCE

This application is a continuation of U.S. Non-Provisional patentapplication Ser. No. 17/665,570, filed on Feb. 6, 2022, and titled“Network Services In A Mesh Network,” the entire contents of which areincorporated herein by reference.

FIELD OF DISCLOSURE

Aspects of the present disclosure generally relate to communications innetworks, and more particularly to network services in a mesh network.

BACKGROUND

Users may rely on mesh networks (also referred to as “meshnets”) tocommunicate (e.g., transmit and/or receive) data among a plurality ofendpoints (e.g., user devices) via one or more Internet nodes (e.g.,bridges, switches, infrastructure devices, etc.). In an example, a meshnetwork may include a plurality of endpoints communicatively coupled toeach other directly or via the one or more Internet nodes. A meshnetwork in which all endpoints are communicatively coupled to each othermay be referred to as a fully connected network. Data transmitted by afirst endpoint, from among the plurality of endpoints, may be routedover the Internet via the one or more Internet nodes to a secondendpoint from among the plurality of endpoints. Also, data transmittedby the first endpoint may be routed to two or more endpoints from amongthe plurality of endpoints.

In a mesh network, the plurality of endpoints may cooperate with eachother to enable communication of the data among the plurality ofendpoints. In an example, one or more of the endpoints may participatein communication of the data. In this way, the mesh network may avoidrelying on a given endpoint for communication of the data. Some meshnetworks may have the ability to dynamically self-organize andself-configure the plurality of endpoints. This ability may allow suchmesh networks to enable dynamic distribution of workloads, particularlyin the event that one or more endpoints should fail. Further,installation overhead may be reduced.

SUMMARY

In one aspect, the present disclosure contemplates a method includingreceiving, by a first device from a second device in a mesh network, anaccess request from the second device to access a network serviceavailable to the first device, the request being received via a meshnetconnection between the first device and the second device; andtransmitting, by the first device to the second device, accessinformation associated with accessing the network service based at leastin part on receiving the access request, the access information beingtransmitted via the meshnet connection.

In another aspect, the present disclosure contemplates a first deviceincluding a memory and a processor configured to: receive, from a seconddevice in a mesh network, an access request from the second device toaccess a network service available to the first device, the requestbeing received via a meshnet connection between the first device and thesecond device; and transmit, to the second device, access informationassociated with accessing the network service based at least in part onreceiving the access request, the access information being transmittedvia the meshnet connection.

In another aspect, the present disclosure contemplates a non-transitorycomputer readable medium storing instructions, which when executed by aprocessor associated with a first device, cause the processor to:receive, from a second device in a mesh network, an access request fromthe second device to access a network service available to the firstdevice, the request being received via a meshnet connection between thefirst device and the second device; and transmit, to the second device,access information associated with accessing the network service basedat least in part on receiving the access request, the access informationbeing transmitted via the meshnet connection.

It is to be understood that both the foregoing general description andthe following detailed description are exemplary and explanatory innature and are intended to provide an understanding of the presentdisclosure without limiting the scope thereof. In that regard,additional aspects, features, and advantages of the present disclosurewill be apparent to one skilled in the art from the following detaileddescription.

BRIEF DESCRIPTION OF THE DRAWINGS

The accompanying drawings illustrate aspects of systems, devices,methods, and/or mediums disclosed herein and together with thedescription, serve to explain the principles of the present disclosure.Throughout this description, like elements, in whatever aspectdescribed, refer to common elements wherever referred to and referencedby the same reference number. The characteristics, attributes,functions, interrelations ascribed to a particular element in onelocation apply to those elements when referred to by the same referencenumber in another location unless specifically stated otherwise.

The figures referenced below are drawn for ease of explanation of thebasic teachings of the present disclosure; the extensions of the figureswith respect to number, position, relationship, and dimensions of theparts to form the following aspects may be explained or may be withinthe skill of the art after the following description has been read andunderstood. Further, exact dimensions and dimensional proportions toconform to specific force, weight, strength, and similar requirementswill likewise be within the skill of the art after the followingdescription has been read and understood.

The following is a brief description of each figure used to describe thepresent disclosure, and thus, is being presented for illustrativepurposes only and should not be limitative of the scope of the presentdisclosure.

FIG. 1 is an illustration of an example system associated with networkservices in a mesh network, according to various aspects of the presentdisclosure.

FIG. 2 is an illustration of an example associated with network servicesin a mesh network, according to various aspects of the presentdisclosure.

FIG. 3 is an illustration of an example flow associated with networkservices in a mesh network, according to various aspects of the presentdisclosure.

FIG. 4 is an illustration of an example process associated with networkservices in a mesh network, according to various aspects of the presentdisclosure.

FIG. 5 is an illustration of an example process associated with networkservices in a mesh network, according to various aspects of the presentdisclosure.

FIG. 6 is an illustration of an example process associated with networkservices in a mesh network, according to various aspects of the presentdisclosure.

FIG. 7 is an illustration of example devices associated with networkservices in a mesh network, according to various aspects of the presentdisclosure.

DETAILED DESCRIPTION

For the purposes of promoting an understanding of the principles of thepresent disclosure, reference will now be made to the aspectsillustrated in the drawings, and specific language may be used todescribe the same. It will nevertheless be understood that no limitationof the scope of the disclosure is intended. Any alterations and furthermodifications to the described devices, instruments, methods, and anyfurther application of the principles of the present disclosure arefully contemplated as would normally occur to one skilled in the art towhich the disclosure relates. In particular, it is fully contemplatedthat the features, components, and/or steps described with respect toone aspect may be combined with the features, components, and/or stepsdescribed with respect to other aspects of the present disclosure. Forthe sake of brevity, however, the numerous iterations of thesecombinations may not be described separately. For simplicity, in someinstances the same reference numbers are used throughout the drawings torefer to the same or like parts.

FIG. 1 is an illustration of an example 100 associated with networkservices in a mesh network, according to various aspects of the presentdisclosure. Example 100 shows an architectural depiction of includedcomponents. In some aspects, the components may include one or more userdevices 102 capable of communicating with a mesh network serviceprovider (MSP) control infrastructure 104 for purposes of obtaining meshnetwork services. In some aspects, the one or more user devices 102 maycommunicate with the MSP control infrastructure 104 over a network 118.The MSP control infrastructure 104 may be controlled by a mesh networkservice provider and may include an application programming interface(API) 106, a user database 108, processing unit 110, and a meshnetdatabase 112. In some aspects, a user device 102 may utilize aprocessing unit 116 and/or a client application 114, which is providedby the MSP control infrastructure 104, to communicate with the API 106.The API 106 may be capable of communicating with the user database 108and with the processing unit 110. Additionally, the processing unit 110may be capable of communicating with the meshnet database 112, which maybe capable of storing data associated with providing mesh networkservices.

The user device 102 may be a physical computing device capable ofhosting the client application 114 and of connecting to the network 118.The user device 102 may be, for example, a laptop, a mobile phone, atablet computer, a desktop computer, a smart device, a router, or thelike. In some aspects, the user device 102 may include, for example,Internet-of-Things (IoT) devices such as MSP smart home appliances,smart home security systems, autonomous vehicles, smart health monitors,smart factory equipment, wireless inventory trackers, biometric cybersecurity scanners, or the like. The network 118 may be any digitaltelecommunication network that permits several nodes to share and accessresources. In some aspects, the network 118 may include one or more of,for example, a local-area network (LAN), a wide-area network (WAN), acampus-area network (CAN), a metropolitan-area network (MAN), ahome-area network (HAN), Internet, Intranet, Extranet, and Internetwork.

The MSP control infrastructure 104 may include a combination of hardwareand software components that enable provision of mesh network servicesto the user device 102. The MSP control infrastructure 104 may interfacewith (the client application on) the user device 102 via the API 106,which may include one or more endpoints to a defined request-responsemessage system. In some aspects, the API 106 may be configured toreceive, via the network 118, a connection request from the user device102 to establish a connection with the MSP control infrastructure 104for purposes of obtaining the mesh network services. The connectionrequest may include an authentication request to authenticate the userdevice 102. The API 106 may receive the authentication request and arequest for the mesh network services in a single connection request. Insome aspects, the API 106 may receive the authentication request and therequest for the mesh network services in separate connection requests.

The API 106 may further be configured to handle the connection requestby mediating the authentication request. For instance, the API 106 mayreceive from the user device 102 credentials including, for example, aunique combination of a user ID and password for purposes ofauthenticating the user device 102. In another example, the credentialsmay include a unique validation code known to an authentic user. The API106 may provide the received credentials to the user database 108 forverification.

The user database 108 may include a structured repository of validcredentials belonging to authentic users. In one example, the structuredrepository may include one or more tables containing valid uniquecombinations of user IDs and passwords belonging to authentic users. Inanother example, the structured repository may include one or moretables containing valid unique validation codes associated withauthentic users. The mesh network service provider may add or deletesuch valid unique combinations of user IDs and passwords from thestructured repository at any time. Based at least in part on receivingthe credentials from the API 106, the user database 108 and a processor(e.g., the processing unit 110 or another local or remote processor) mayverify the received credentials by matching the received credentialswith the valid credentials stored in the structured repository. In someaspects, the user database 108 and the processor may authenticate theuser device 102 when the received credentials match at least one of thevalid credentials. In this case, the mesh network service provider mayprovide mesh network services to the user device 102. When the receivedcredentials fail to match at least one of the valid credentials, theuser database 108 and the processor may fail to authenticate the userdevice 102. In this case, the mesh network service provider may declineto provide mesh network services to the user device 102.

When the user device 102 is authenticated, the user device 102 mayinitiate a connection and may transmit to the API 106 a request for themesh network services. The processing unit 110 included in the MSPcontrol infrastructure 104 may be configured to determine a mesh networkassociated with the user device 102 and/or to identify one or more userdevices to be included within the determined mesh network. Theprocessing unit 110 may utilize the API 106 to transmit informationassociated with the mesh network and/or the identified one or more userdevices to the user device 102. The user device 102 may transmit aninitiation request to establish secure connections (e.g., encryptedtunnels) with the one or more user devices. In some aspects, the one ormore user devices with which the user device 102 establishes the secureconnections may also host respective client applications forcommunicating with the MSP control infrastructure 104 and/or with theuser device 102. In some aspects, the processing unit 110 may be alogical unit including a logical component configured to perform complexoperations associated with computing, for example, numerical weightsrelated to various factors associated with providing the meshnetservices.

One or more components (e.g., API 106, user database 108, processingunit 110, and/or meshnet database 112, processing unit 116) included inthe MSP control infrastructure 104 and/or included in the user device102 may further be associated with a controller/processor, a memory, acommunication interface, or a combination thereof (e.g., FIG. 7 ). Forinstance, the one or more components of the set of components mayinclude or may be included in a controller/processor, a memory, or acombination thereof. In some aspects, the one or more of the componentsincluded in the MSP control infrastructure 104 may be separate anddistinct from each other. Alternatively, in some aspects, the one ormore of the components included in the MSP control infrastructure 104may be combined with one or more of the other components. In someaspects, the one or more of the components included in the MSP controlinfrastructure 104 and/or the user device 102 may be local with respectto each other. Alternatively, in some aspects, one or more of thecomponents included in the MSP control infrastructure 104 and/or theuser device 102 may be located remotely with respect to one or more ofother components included in the MSP control infrastructure 104 and/orthe user device 102. Additionally, or alternatively, one or morecomponents of the components included in the MSP control infrastructure104 and/or the user device 102 may be implemented at least in part assoftware stored in a memory. For example, a component (or a portion of acomponent) may be implemented as instructions or code stored in anon-transitory computer-readable medium and executable by a controlleror a processor to perform the functions or operations of the component.Additionally, or alternatively, a set of (one or more) components shownin FIG. 1 may be configured to perform one or more functions describedas being performed by another set of components shown in FIG. 1 .

As indicated above, FIG. 1 is provided as an example. Other examples maydiffer from what is described with regard to FIG. 1 .

Endpoints (e.g., user devices) may rely on a mesh network to communicate(e.g., transmit and/or receive) meshnet data among the endpoints. Inexample 200 shown in FIG. 2 , the endpoints may include a first userdevice, a second user device, a third user device, and/or a fourth userdevice. The meshnet data may be communicated using wired communicationsand/or wireless communications over a network such as, for example, theInternet. The meshnet data may include any information including digitalinformation such as, for example, documents including data, voice data,image data, signal data, and/or video data. Further, the mesh networkmay be a secure mesh network that may enable the endpoints tocommunicate the meshnet data in encrypted form via meshnet connections(shown as double-ended arrows in FIG. 2 ).

In some cases, one or more of the user devices in the mesh network maybe located locally (e.g., in the same room, in the same building, etc.)with another user device. In some cases, one or more of the user devicesin the mesh network may be located remotely (e.g., in differentbuildings, in different cities, in different states, in differentcountries, etc.) with respect to another user device.

Further, in some cases, one or more of the user devices may beassociated with a commercial entity. In an example, one or more of theuser devices may be provided by the commercial entity to its employees.The one or more user devices may be utilized to perform functionsassociated with the business conducted by the commercial entity. Suchfunctions may be performed by connecting to an internal network (e.g.,intranet) and accessing intranet resources associated with thecommercial entity. When a given user device is located remotely withrespect to a location associated with connecting to the intranet, thegiven user device may attempt to connect to the intranet via, forexample, a virtual private network (VPN) to access the intranetresources. In one example, the given user device may be unable toconnect to the intranet because the intranet may not be VPN-enabled. Inanother example, the remote location of the given user device may begeo-locked from utilizing VPN services due to localized blocking. Suchlocalized blocking may be effected by a local internet service provider(ISP) providing internet services to the remotely located given userdevice and/or by a local government entity. In this case, the given userdevice may be unable to access the intranet resources, and, therefore,unable to perform functions associated with the business conducted bythe commercial entity. Enabling a connection with the intranet mayconsume user device resources (e.g., processing power, memoryconsumption, battery life, or the like) and/or commercial entityresources (e.g., management resources, bandwidth, processing power,memory consumption, or the like) that may be otherwise efficientlyutilized to perform tasks associated with the business conducted by thecommercial entity. Additionally, a delay may be introduced in performingthe functions associated with the business conducted by the commercialentity.

In some cases, the one or more devices may be associated with a homenetwork. The one or more devices may include mobile devices (e.g.,laptops, tablets, smart phones, etc.) and smart devices (e.g.,internet-of-things (IoT) devices). A mobile device may be enabled tomonitor and/or control functions performed by a smart device (e.g.,security cameras, refrigerators, lights, etc.) when the mobile device isconnected to the home network. But, when disconnected from the homenetwork, the mobile device may be unable to monitor and/or control thefunctions performed by the smart device. The mobile device may bedisconnected from the home network when, for example, the mobile devicemay be located remotely with respect to the home network. In this case,the mobile device may be unable to monitor and/or control the functionsperformed by the smart device. Enabling a connection with the homenetwork may consume user device resources (e.g., processing power,memory consumption, battery life, or the like) and/or home networkresources (e.g., management resources, bandwidth, processing power,memory consumption, or the like) that may be otherwise efficientlyutilized to perform tasks associated with the home network.Additionally, a delay may be introduced in monitoring and/or controllingthe functions performed by the smart device.

In some cases, the one or more user devices may utilize messagingapplications to correspond with each other. Such correspondence mayinclude, for example, verbal communication via an internet-basedtelephonic system (e.g., voice-over-IP (VOIP) system) and/or textualcommunication via an internet-based messaging system (e.g., instantmessaging (IM), etc.). On occasion, a given user device may be unable toutilize a messaging application due to, for example, localized blocking.Such localized blocking to utilizing messaging applications may beeffected by a local internet service provider (ISP) providing internetservices to the given user device and/or by a local government entity.In this case, the given user device may be unable to correspond withanother user device. Enabling utilization of the messaging applicationmay consume user device resources (e.g., processing power, memoryconsumption, battery life, or the like) and/or local network resources(e.g., management resources, bandwidth, processing power, memoryconsumption, or the like) that may be otherwise efficiently utilized toperform other tasks associated with the mesh network. Additionally, adelay may be introduced in corresponding with the other user device.

Various aspects of systems and techniques discussed in the presentdisclosure enable network services in a mesh network. In some aspects,an MSP control infrastructure may provide the mesh network to enableuser devices to securely communicate meshnet data. Further, the MSPcontrol infrastructure may provide the user devices with respectiveclient applications to communicate with the MSP control infrastructure,to communicate with each other for setting up respective meshnetconnections to be utilized for communicating meshnet data in the meshnetwork, and/or to communicate the meshnet data (e.g., meshnetcommunications) with each other over the respective meshnet connections.The MSP control infrastructure and the respective client applicationsmay also enable network services in the mesh network. To enable networkservices, a given client application may enable a given user device toshare network services available to the given user device with one ormore user devices in the mesh network via meshnet connections. Suchnetwork services may include, for example, access to intranet resources,ability to monitor and/or control smart devices associated with a localarea network (e.g., home network), access to messaging applications forcorresponding with other user devices, etc. In some aspects, the givenuser device may receive, from another user device in the mesh network, arequest to access a network service available to the given user device.In some aspects, such request may be received via a meshnet connectionbetween the given user device and the other user device. Based at leastin part on receiving the request, the given user device may enable theother user device to access and/or utilize the requested networkservice. In some aspects, information related to the request and datarelated to accessing and/or utilizing the requested network service maybe communicated as encrypted meshnet data. In this way, the MSPinfrastructure and/or the respective applications may enable sharing ofnetwork services via existing meshnet connections in the mesh networkwithout the user devices installing additional dedicated network serviceapplications and/or communicating unencrypted information/data. As aresult, the MSP infrastructure and/or the respective applications mayenable efficient utilization of user device resources (e.g., processingresources, memory resources, power consumption resources, battery life,or the like) and network resources (computational resources, networkbandwidth, management resources, processing resources, memory resources,or the like) for performing suitable tasks associated with enablingnetwork services and/or with the mesh network.

In some aspects, a processor (e.g., processing unit 116, processor 720)associated with a first user device may receive, while in communicationwith a second device in a mesh network, a request to access a networkservice available to the first user device; and transmit, to the seconddevice, information associated with accessing the network service basedat least in part on receiving the request.

As indicated above, FIG. 2 is provided as an example. Other examples maydiffer from what is described with regard to FIG. 2 .

FIG. 3 is an illustration of an example flow 300 associated with networkservices in a mesh network, according to various aspects of the presentdisclosure. The example flow 300 may include a first user device (e.g.,first endpoint), MSP control infrastructure 104, and a second userdevice (e.g., second endpoint) in communication with each other. Thefirst user device and the second user device may be similar to a userdevice 102 discussed above with respect to FIG. 1 . In some aspects, thefirst user device and the second user device may be associated with asingle account registered with the MSP control infrastructure 104. Insome aspects, the first user device and the second user device may beassociated with different accounts registered with the MSP controlinfrastructure 104. In some aspects, the first user device and thesecond user device may be located locally (e.g., in the same room, inthe same building, etc.). In some aspects, the first user device and thesecond user device may be located remotely (e.g., in differentbuildings, in different cities, in different states, in differentcountries, etc.) with respect to each other.

The first user device may install a first client application (e.g.,client application 104) and the second user device may install a secondclient application (e.g., client application 104), the first clientapplication and the second client application being associated with(e.g., provided by) the MSP control infrastructure 104. The first userdevice and the second user device may use the respective clientapplications to communicate with an application programming interface(API) and/or a processor (e.g., processing unit 110, processor 720)associated with the MSP control infrastructure 104. In some aspects, thefirst user device, the MSP control infrastructure 104, and the seconduser device may communicate with each other over a network (e.g.,network 118). As discussed herein, the MSP control infrastructure 104may enable the first user device and/or the second user device to obtainthe mesh network services and/or communicate via instant messages.

In some aspects, the client applications may enable the user devices toreceive information to be processed by the client applications and/or bythe MSP control infrastructure 104. Each of the client applications mayinclude respective graphical user interfaces to receive the informationvia local input interfaces (e.g., touch screen, keyboard, mouse,pointer, etc.) associated with the user devices. The information may bereceived via text input or via a selection from among a plurality ofoptions (e.g., pull down menu, etc.). In some aspects, the first clientapplication and/or the second client application may activate and/orenable the graphical interface for receiving the information and/ordisplaying received information. For instance, the first clientapplication (or the second client application) may cause a screen (e.g.,local screen) associated with the first user device (or the second userdevice) to display, for example, a pop-up message to request entry ofthe information. The client applications may enable communication of atleast a portion of the information to the MSP control infrastructure104. The client applications may enable communication of informationamong the user devices. In some aspects, the first client applicationmay utilize a first processing unit (e.g., processing unit 116,processor 720) associated with the first user device to performprocesses/operations associated with network services in the meshnetwork and the second application may utilize a second processing unit(e.g., processing unit 116, processor 720) associated with the seconduser device to perform processes/operations associated with networkservices in the mesh network.

Although only two user devices (e.g., endpoints) are shown in FIG. 3 ,the present disclosure contemplates the mesh network to include anynumber of user devices that perform the processes discussed herein in asimilar and/or analogous manner. For instance, the mesh network mayinclude a third user device and a fourth user device, as discussed abovewith respect to FIG. 2 , that perform the processes discussed herein ina similar and/or analogous manner. User devices may leave or join themesh network in an ad-hoc manner.

As shown by reference numeral 305, the first user device may register anaccount with the MSP control infrastructure 104. In some aspects, duringthe registration, the first user device may provide registrationinformation such as, for example, identity of an owner of the first userdevice, a phone number associated with the first user device, an emailaddress associated with the first user device, or the like. In someaspects, the first user device may set up an access system includinglogin information (e.g., access information) such as, for example,username, password, or the like to subsequently gain access to theregistered account. In some aspects, the first user device may share thelogin information with other user devices (e.g., second user device)associated with the first user device to enable the other user devicesto utilize the login information to gain access to the MSP controlinfrastructure 104 via the registered account. In some aspects, a givenuser device may be associated with the first user device because thegiven user device may be available to a user/owner of the first userdevice. In some aspects, when the second user device is not associatedwith the registered account associated with the first user device, thesecond user device may register a different account with the MSP controlinfrastructure 104.

In some aspects, the first user device and the second user device mayutilize the login information to access the registered account/accountsto communicate with the MSP control infrastructure 104. As shown byreference numeral 310, based at least in part on the first user deviceand the second user device accessing the registered account/accounts tocommunicate with the MSP control infrastructure 104, the MSP controlinfrastructure 104 may transmit, and the first client application andthe second client application may receive, MSP access information. Insome aspects, the MSP access information may include UDP accessinformation. The UDP access information may include informationregarding an infrastructure UDP IP address and an infrastructure UDPport associated with the MSP control infrastructure 104. The MSP controlinfrastructure 104 may utilize the infrastructure UDP IP address and theinfrastructure UDP port to communicate utilizing the UDP. In someaspects, the first user device and the second user device may utilizethe infrastructure UDP IP address and the infrastructure UDP port tocommunicate with the MSP control infrastructure 104 regarding the meshnetwork. Further, the first client application and the second clientapplication may obtain from, for example, a domain name services (DNS)server, transmission control protocol (TCP) access informationassociated with the MSP control infrastructure 104. Such TCP accessinformation may include information regarding an infrastructure TCP IPaddress and an infrastructure TCP port associated with the MSP controlinfrastructure 104. The MSP control infrastructure 104 may utilize theinfrastructure TCP IP address and the infrastructure TCP port tocommunicate utilizing the TCP.

As shown by reference numeral 315, the first client application and thesecond client application may determine information based at least inpart on the registration of the account/accounts with the MSP ControlInfrastructure 104. In an example, the first client application maydetermine an asymmetric first assigned key pair associated with thefirst user device. The first assigned key pair may be unique to thefirst user device and may include a first assigned public key and afirst assigned private key. In this way, the first assigned public keyand the first assigned private key may be device-specific and maybeassociated with the registered account. In some aspects, the firstassigned public key and the first assigned private key may be associatedwith each other via, for example, a mathematical function. As a result,data encrypted using the first assigned public key may be decrypted byutilizing the first assigned private key.

Similarly, the second client application may determine an asymmetricsecond assigned key pair associated with the second user device. Thesecond assigned key pair may be unique to the second user device and mayinclude a second assigned public key and a second assigned private key.In this way, the second assigned public key and the second assignedprivate key may be device-specific and maybe associated with theregistered account. In some aspects, the second assigned public key andthe second assigned private key may be associated with each other via,for example, a mathematical function. As a result, data encrypted usingthe second assigned public key may be decrypted by utilizing the secondassigned private key.

As shown by reference numeral 320, the client applications may transmit,and the MSP control infrastructure 104 may receive, at least a portionof the information determined by the client applications. For instance,the first client application may transmit, for example, the firstassigned public key to the MSP control infrastructure 104 and the secondclient application may transmit, for example, the second assigned publickey to the MSP control infrastructure 104. The MSP controlinfrastructure 104 may store and correlate the received information inassociation with the registered account and/or with the respective userdevices. In an example, the MSP control infrastructure 104 may store andcorrelate the first assigned public key in association with theregistered account and the first user device, and may store andcorrelate the second assigned public key in association with theregistered account and the second user device. In some aspects, thefirst client application and the second client application may utilizethe infrastructure UDP IP address or the infrastructure TCP IP addressand the infrastructure UDP port or the infrastructure TCP port totransmit the first assigned public key and the second assigned publickey to the MSP control infrastructure 104 via the TCP.

Further, as shown by reference numeral 325, the MSP controlinfrastructure 104 may determine that the first user device and thesecond user device are to be included in the same mesh network. In someaspects, when the first user device and the second user device areassociated with the same registered account, the MSP controlinfrastructure 104 may make such a determination regarding the securemesh network based at least in part on determining that the first userdevice and the second user device are communicating with the MSP controlinfrastructure 104 by utilizing the login information associated withthe same registered account. In some aspects, when the first user deviceand the second user device are associated with different registeredaccounts, the MSP control infrastructure 104 may make such adetermination regarding the secure mesh network based at least in parton the first user device (and/or the second user device) providinginformation indicating that the first user device and the second userdevice are to be included in the same mesh network. Such information mayinclude, for example, identification information (e.g., type of device,user name, email address, etc.) associated with the second user device(or the first user device), the second IP address (or the first IPaddress), or the like.

Based at least in part on determining that the first user device and thesecond user device are to be included in the same mesh network, as shownby reference numeral 330, the MSP control infrastructure 104 maydetermine meshnet IP addresses for the first user device and for thesecond user device. In an example, the MSP control infrastructure 104may determine a first meshnet IP address associated with the first userdevice and a second meshnet IP address associated with the second userdevice. The first client application and/or another applicationinstalled on the first user device and/or the operating systemassociated with the first user device may utilize the first meshnet IPaddress and/or the first local meshnet port to communicate data with theendpoints over meshnet connections in the mesh network and the secondclient application and/or another application installed on the seconduser device and/or the operating system associated with the second userdevice may utilize the second meshnet IP address and/or the second localmeshnet port to communicate data with the endpoints over the meshnetconnections in the mesh network. In an example, with respect tocommunication between the first user device and the second user device,the first user device may determine a first meshnet IP packet indicatingthe first meshnet IP address as a source address, the first localmeshnet port as a source port, the second meshnet IP address as adestination address, and the second local meshnet port as a destinationport. The first user device may encrypt and encapsulate the firstmeshnet IP packet within a payload of a transmitted UDP IP packet. Thesecond user device may receive the UDP IP packet, may decrypt the firstmeshnet IP packet, and may route the first meshnet IP packet to thesecond local meshnet port. Similarly, the second user device maydetermine a second meshnet IP packet indicating the second meshnet IPaddress as a source address, the second local meshnet port as a sourceport, the first meshnet IP address as a destination address, and thefirst local meshnet port as a destination port. The second user devicemay encrypt and encapsulate the second meshnet IP packet within apayload of a transmitted UDP IP packet. The first user device mayreceive the UDP IP packet, may decrypt the second meshnet IP packet, andmay route the second meshnet IP packet to the first local meshnet port.The MSP control infrastructure 104 may determine the first meshnet IPaddress and the second meshnet IP address from, for example, a pool ofreserved IP addresses included in a subnet associated with an internalnetwork of the ISP.

As shown by reference numeral 335, the first user device and the seconduser device may transmit, and the MSP control infrastructure 104 mayreceive, respective binding requests. In some aspects, the first userdevice may transmit the first binding request to the MSP controlinfrastructure 104 using the UDP by utilizing the UDP access informationreceived from the MSP control infrastructure 104 (e.g., block 320). Inthis case, the first user device may transmit a first binding request tothe MSP control infrastructure 104 to request the MSP controlinfrastructure 104 to determine a first public UDP IP address (e.g.,communication address) and/or a first public UDP port (e.g.,communication port) associated with the first user device. As discussedbelow in further detail, the first public UDP IP address and/or thefirst public UDP port are to be utilized by the second user device tocommunicate with the first user device in the mesh network. Similarly,the second user device may transmit the second binding request to theMSP control infrastructure 104 using the UDP by utilizing the UDP accessinformation received from the MSP control infrastructure 104 (e.g.,block 320). In this case, the second user device may transmit a secondbinding request to the MSP control infrastructure 104 to request the MSPcontrol infrastructure 104 to determine a second public UDP IP address(e.g., communication address) and/or a second public UDP port (e.g.,communication port) associated with the second user device. As discussedbelow in further detail, the second UDP IP address and/or the second UDPport are to be utilized by the first user device to communicate with thesecond user device in the mesh network.

In some aspects, the first public UDP IP address and/or the first publicUDP port may be determined by a first NAT device (e.g., a router)responsible for managing operation of the first user device in a firstlocal network. In an example, the first NAT device may translate a firstlocal UDP IP address and/or a first local UDP port associated with thefirst user device to the first public UDP IP address and/or the firstpublic UDP port that the first user device utilizes to communicate(e.g., transmit and/or receive) over the Internet using the UDP.Similarly, the second public UDP IP address and/or the second public UDPport may be determined by a second NAT device responsible for managingoperation of the second user device in a second local network. In anexample, the second NAT device may translate a second local UDP IPaddress and/or a second local UDP port associated with the second userdevice to the second public UDP IP address and/or the second public UDPport that the second user device utilized to communicate (e.g., transmitand/or receive) over the Internet using the UDP.

Based at least in part on receiving the respective binding requests, asshown by reference numeral 340, the MSP control infrastructure 104 maydetermine public UDP IP addresses and/or public UDP ports associatedwith the first user device and the second user device. In an example,based at least in part on receiving the first binding request, the MSPcontrol infrastructure 104 may determine the first public UDP IP addressand/or the first public UDP port associated with the first user device.In some aspects, the MSP control infrastructure 104 may determine thefirst public UDP IP address and/or the first public UDP port based atleast in part on analyzing the UDP communication (e.g., UDP IP packet)including the first binding request received from the first user device.The UDP communication may include, for example, a header that indicatesthe first public UDP IP address as a source UDP IP address and/or thefirst public UDP port as a source UDP port associated with the firstuser device. Further, the MSP control infrastructure 104 may store andcorrelate the first public UDP IP address and/or the first UDP port inassociation with the first user device in, for example, the meshnetdatabase 112. Similarly, based at least in part on receiving the secondbinding request, the MSP control infrastructure 104 may determine thesecond public UDP IP address and/or the second public UDP portassociated with the second user device. In some aspects, the MSP controlinfrastructure 104 may determine the second public UDP IP address and/orthe second public UDP port based at least in part on analyzing the UDPcommunication (e.g., UDP IP packet) including the second binding requestreceived from the second user device. The UDP communication may include,for example, a header that indicates the second public UDP IP address asa source UDP IP address and/or the second public UDP port as a sourceUDP port associated with the second user device. Further, the MSPcontrol infrastructure 104 may store and correlate the second public UDPIP address and/or the second public UDP port in association with thesecond user device in, for example, the meshnet database 112.

Based at least in part on determining the public UDP IP addresses and/orthe public UDP ports, as shown by reference numeral 345, the MSP controlinfrastructure 104 may transmit, and the first client application andthe second client application may receive, communication information. Inan example, the MSP control infrastructure 104 may transmit, and thefirst client application may receive, first communication informationincluding the first meshnet IP address associated with the first userdevice, the second meshnet IP address associated with the second userdevice, the second public UDP IP address and/or the second public UDPport associated with the second user device, and the second public keyassociated with the second user device. Similarly, the MSP controlinfrastructure 104 may transmit, and the second client application mayreceive, second communication information including the first public UDPIP address and/or the first public UDP port associated with the firstuser device, the first public key associated with the first user device,the first meshnet IP address associated with the first user device, andthe second meshnet IP address associated with the second user device. Asdiscussed below in further detail, the above transmission ofcommunication information may enable the first user device and thesecond user device to communicate securely and privately in the meshnetwork.

In some aspects, the MSP control infrastructure 104 may determineaccount information associated with the user devices included in themesh network. In an example, when the mesh network includes the firstuser device, the second user device, the third user device, and thefourth user device, as discussed above with respect to example 200 ofFIG. 2 , the MSP control infrastructure 104 may determine a correlationbetween a given user device and a registered account associated with thegiven user device. For instance, with respect to example 200 of FIG. 2 ,the MSP control infrastructure 104 may determine account informationindicating, for example, that the first user device is associated with afirst registered account, that the second user device is associated witha second registered account, and that the third user device and thefourth user device are both associated with a third registered account.The MSP control infrastructure 104 may transmit the determined accountinformation to the user devices included in the mesh network viacommunication information. In an example, the MSP control infrastructure104 may include the determined account information in the firstcommunication information transmitted to the first user device, in thesecond communication information transmitted to the second user device,in the third communication information transmitted to the third userdevice, and/or in the fourth communication information transmitted tothe fourth user device. In some aspects, one or more user devicesincluded in the mesh network may be associated with a predeterminedgrouping (e.g., chat rooms, break out rooms, etc.) of devices. In thiscase, the account information may include information indicating anassociation of the one or more user devices with a grouping of devices.Further, the MSP control infrastructure 104 may update the accountinformation and transmit updated communication information to the userdevices based at least in part on determining a change in an associationof the user device with a registered account and/or a change in anassociation of a user device with a grouping of devices.

As shown by reference numeral 350, the first client application and thesecond client application may communicate with each other directly toset up a meshnet connection (e.g., an encrypted tunnel) forcommunicating encrypted data in the hybrid mesh network. To set up themeshnet connection, the first client application may utilize the secondassigned public key and/or the second public IP address (e.g., secondUDP IP address) to securely (e.g., in encrypted form) communicate withthe second client application, and the second client application mayutilize the first assigned public key and/or the first public IP address(e.g., first UDP IP address) to securely communicate with the firstclient application. In some aspects, the first client application andthe second client application may communicate to securely/privatelynegotiate parameters (e.g., a symmetric encryption/decryption key)associated with the meshnet connection. In some aspects, the parametersmay be randomly generated to provide optimized security to thecommunications. In an example, the first client application and thesecond client application may privately negotiate a randomly generatedsymmetric key that is to be utilized by the first client application andthe second client application for encrypting and decrypting datacommunicated via the meshnet connection. The randomly generatedsymmetric key may be determined based at least in part on anycombination of the first public key, the second public key, and/orrandomly generated numbers. Additionally, the first client applicationand the second client application may utilize a secure protocol (e.g.,Wireguard, IP sec, etc.) to communicate the data via the meshnetconnection.

Additionally, or alternatively, the first client application and thesecond client application may communicate with each other indirectlyvia, for example, a relay device (e.g., a relay server) to set up themeshnet connection. In an example, the first client application mayprovide the first assigned public key to a relay server, which may storean association of the first assigned public key with the first clientapplication. In some aspects, the association may include an associationbetween the first assigned public key and a first communicationconnection between the relay server and the first client application.Similarly, the second client application may provide the second assignedpublic key to the relay server, which may store an association of thesecond assigned public key with the second client application. In someaspects, the association may include an association between the secondassigned public key and a second communication connection between therelay server and the first client application. The relay server may relyon the stored associations of public keys and client applications todetermine a destination of a received message. In some aspects, therelay server may include a network of relay servers that enable thefirst client application and the second client application tocommunicate with each other. In this case, the first client applicationand the second client application may provide the respective assignedpublic keys to different relay servers included within the network ofrelay servers.

In some aspects, the first client application may transmit, to the relayserver, a first message that is to be delivered to the second clientapplication. Along with the first message, the first client applicationmay transmit the second assigned public key. Further, the first clientapplication may encrypt the first message utilizing the second assignedpublic key. In some aspects, the first client application may encryptthe first message based at least in part on utilizing the negotiatedrandomly generated symmetric key. Based at least in part on receivingthe encrypted first message and the second assigned public key, therelay server may determine from stored associations that the secondassigned public key is associated with the second client application. Asa result, the relay server may determine that the first message is to berelayed (e.g., transmitted) to the second client application. Similarly,the second client application may transmit, to the relay server, asecond message that is to be delivered to the first client application.Along with the second message, the second client application maytransmit the first assigned public key. Further, the second clientapplication may encrypt the second message utilizing the first assignedpublic key. In some aspects, the second client application may encryptthe second message based at least in part on utilizing the negotiatedrandomly generated symmetric key. Based at least in part on receivingthe encrypted second message and the first assigned public key, therelay server may determine from stored associations that the firstassigned public key is associated with the first client application. Asa result, the relay server may determine that the second message is tobe relayed (e.g., transmitted) to the first client application. In thisway, the relay server may enable the first client application and thesecond client application to communicate with each other to set up themeshnet connection.

Based at least in part on setting up the meshnet connection, the firstclient application and the second client application may begincommunicating encrypted data via the meshnet connection based at leastin part on utilizing the negotiated parameters and the secure protocol.In a similar and/or analogous manner, the first client application mayset up meshnet connections with a third client application installed inthe third client application and with a fourth client applicationassociated with the fourth client application. Also, in a similar and/oranalogous manner, the second client application may set up meshnetconnections with the first client application, the third clientapplication, and the fourth client application. Further, in a similarand/or analogous manner, the third client application may set up meshnetconnections with the first client application, the second clientapplication, and the fourth client application. Finally, in a similarand/or analogous manner, the fourth client application may set upmeshnet connections with the first client application, the second clientapplication, and the third client application. Additional clientapplications that enter the mesh network may also set up meshnetconnections with the other client applications included in the meshnetwork.

Further, based at least in part on setting up the meshnet connection, asshown by reference numeral 355, the user devices included in the meshnetwork may enable network services in the mesh network. In someaspects, the user devices may utilize respective client applications toenable network services in the mesh network by sharing available networkservices with one or more user devices through communication ofinformation in encrypted form via respective meshnet connections. Insome aspects, a given user device may enable one or more user devices toutilize the network services available to the given user device bycommunicating information through respective meshnet connections betweenthe given user device and the one or more user devices. The networkservices may include, for example, access to given intranet resources,ability to monitor and/or control smart devices associated with a localarea network (e.g., home network), access to messaging applications forcorresponding with other user devices, etc.

In some aspects, the user devices may inform each other of availablenetwork services. With respect to the first user device, the firstclient application may determine a list of network services available tothe first user device. Based at least in part on determining the list ofavailable network services, the first client application may transmitthe list to each user device in the mesh network. Further, the firstclient application may transmit an updated list to each user device inthe mesh network based at least in part on changes in the availablenetwork services. In some aspects, the first client application maytransmit the list and/or updated list to each user device in the meshnetwork via the relay server along with respective public keys, asdiscussed elsewhere herein. In some aspects, the first clientapplication may transmit the list and/or updated list to the MSP controlinfrastructure 104, which may transmit the list to each user device inthe mesh network via, for example, respective communication information(e.g., block 345). In some aspects, the first client application maytransmit the list and/or updated list to the MSP control infrastructure104 at a time associated with registering the account with the MSPcontrol infrastructure 104 (e.g., block 305) and/or at a time associatedwith transmitting the first assigned public key (e.g., block 320) and/orat a time associated with transmitting the first binding request (e.g.,block 335) and/or at a time associated with establishing a meshnetconnection with a given user device in the mesh network.

In an example, one or more user devices in the mesh network may beassociated with a commercial entity. In an example, the one or more userdevices may be provided by the commercial entity to its employees. Theone or more user devices may be utilized to perform functions associatedwith the business conducted by the commercial entity. Such functions maybe performed by, for example, connecting to an internal network (e.g.,intranet) and accessing intranet resources (e.g., network resourcedevices) associated with the commercial entity. Such intranet resourcesmay include an intranet-attached storage (NAS) device, intranet instantmessaging services, intranet document processing services (e.g.,printing, copying, etc.) intranet telephony services, intranet contactslist, etc.

With respect to the first user device and the second user device, thefirst user device may be connected to the intranet and may have accessto the intranet resources and the second user device may be locatedremotely with respect to a location associated with connecting to theintranet. As a result, the second user device may be unable to connectto the intranet, and, therefore, unable to access the intranetresources. This may prevent the second user device from performing thefunctions associated with the business conducted by the commercialentity. In this case, the second user device may transmit to, forexample, the first user device a request to access the intranetresources. The request to access the intranet resources and associateddata (discussed below) may be communicated (e.g., transmitted and/orreceived) as encrypted meshnet data via a meshnet connection between thefirst user device and the second user device.

Based at least in part on receiving the request, the first user devicemay enable the second user device to access the intranet resources byenabling the second user device to connect to the intranet via the firstuser device. In some aspects, the first user device may enable thesecond user device to authenticate the second user device with theintranet. In this case, the first user device may receive and forward aconnection request and/or authentication request from the second userdevice to the intranet and may receive and forward an authenticationmessage, indicating a result of authenticating the second user device(e.g., successful authentication of the second user device), from theintranet to the second user device. Once authenticated, the first userdevice may receive and forward access commands from the second userdevice for accessing the intranet resources to the intranet. In anexample, the first user device may receive and forward an access commandrequesting network information from a network resource device associatedwith the network service. Based at least in part on forwarding theaccess commands, the first user device may receive and forward dataassociated with the network service from the intranet to the second userdevice. In an example, the first user device may receive and forward thenetwork information from the network resource device to the second userdevice. In some aspects, the first user device may receive and forwardprocess information from the second user device to a network resourcedevice, the process information to be utilized and/or processed by thenetwork resource device. In an example, the process information mayinclude information to be printed and/or copied by an intranet printer(e.g., network resource device). In this way, by utilizing the meshnetconnection between the first user device and the second user device, thefirst user device may enable the second user device to connect to theintranet via the first user device, to transmit access commands, toreceive data based at least in part on transmitting the access commands,and to utilize the received data to perform the functions associatedwith the business conducted by the commercial entity.

In another example, one or more user devices may be associated with ahome network. The one or more devices may include mobile devices (e.g.,laptops, tablets, smart phones, etc.) and smart devices (e.g.,internet-of-things (IoT) devices). A mobile device may have available anetwork service to monitor and/or control functions performed by a smartdevice (e.g., security cameras, refrigerators, lights, etc.) when themobile device is connected to the home network. As a result, the mobiledevice may be unable to monitor and/or control the functions performedby the smart device when the mobile device is disconnected from the homenetwork. The mobile device may be disconnected from the home networkwhen, for example, the mobile device may be located remotely withrespect to the home network. In this case, the mobile device may beunable to monitor and/or control the functions performed by the smartdevice.

With respect to the first user device and the second user device, thefirst user device may be a central device (e.g., desktop, mobile device,smart device, etc.) connected to the home network and may have access tothe smart devices (e.g., network resource devices) and the second userdevice may be a mobile device located remotely with respect to the homenetwork. As a result, the second user device may be unable to connect tothe home network, and, therefore, unable to monitor and/or control thefunctions performed by a smart device. In this case, the second userdevice may transmit to, for example, the first user device an accessrequest to connect to the home network and/or to monitor and/or controlthe functions performed by the smart device. The request to access thehome network and associated data (discussed below) may be communicated(e.g., transmitted and/or received) as encrypted meshnet data via ameshnet connection between the first user device and the second userdevice.

Based at least in part on receiving the request, the first user devicemay enable the second user device to access the home network by enablingthe second user device to connect to the home network via the first userdevice. In some aspects, the first user device may enable the seconduser device to authenticate the second user device with the homenetwork. In this case, the first user device may receive and forward aconnection request and/or authentication request from the second userdevice to the home network and may receive and forward an authenticationmessage, indicating a result of authentication the second user device(e.g., successful authentication of the second user device), from thehome network to the second user device. Once authenticated, the firstuser device may receive and forward access commands from the second userdevice requesting network information associated with monitoring thefunctions performed by the smart device (e.g., indicating informationabout functions performed by the smart device). Based at least in parton forwarding the access commands, the first user device may receive andforward the network information indicating functions performed by thesmart device from the home network to the second user device. Based atleast in part on transmitting the network information, the first userdevice may receive and forward a control command from the second userdevice to control a function performed by the smart device (e.g., tocontrol operation of the smart device). Based at least in part onforwarding the control command, the first device may enable the smartdevice to perform functions in accordance with the control command. Thefirst user device may receive and forward operation informationindicating information about the smart device performing the function inaccordance with the control command from the home network to the seconduser device. In this way, by utilizing the meshnet connection betweenthe first user device and the second user device, the first user devicemay enable the second user device to connect to the home network via thefirst user device, to transmit access and/or control commands, toreceive data based at least in part on transmitting the access and/orcontrol commands, and to monitor and/or control the functions performedby the smart device.

In yet another example, one or more user devices may utilize messagingapplications to correspond with each other. Such correspondence mayinclude, for example, verbal communication via an internet-basedtelephonic system (e.g., voice-over-IP (VOIP) system) and/or textualcommunication via an internet-based messaging system (e.g., instantmessaging (IM), etc.). On occasion, a given user device may be unable toutilize a messaging application due to, for example, localized blocking.Such localized blocking to utilizing messaging applications may beeffected by a local internet service provider (ISP) providing internetservices to the given user device and/or by a local government entity.In this case, the given user device may be unable to correspond with acommunication device.

With respect to the first user device and the second user device, thefirst user device may have available a messaging application to enablecorrespondence and the second user device may be unable to utilize themessaging application. As a result, the second user device may be unableto correspond via verbal communication and/or textual communication witha communication device (e.g., another device in the mesh network, anexternal device outside the mesh network, etc.). In this case, thesecond user device may transmit to, for example, the first user device arequest to utilize the messaging application. The request to utilize themessaging application and associated data (discussed below) may becommunicated (e.g., transmitted and/or received) as encrypted meshnetdata via a meshnet connection between the first user device and thesecond user device.

Based at least in part on receiving the request, the first user devicemay enable the second user device to utilize the messaging application.In some aspects, the first user device may receive and forward messagedata from the second user device to be transmitted to the communicationdevice. In some aspects, the message data may include and/or beaccompanied by identification information to identify the communicationdevice. Based at least in part on forwarding the message data to thecommunication device, the first user device may receive and forwardresponse data associated with the message data from the communicationdevice to the second user device. In this way, by utilizing the meshnetconnection between the first user device and the second user device, thefirst user device may enable the second user device to utilize themessaging application to correspond with a communication device bycommunication.

In a similar and/or analogous manner as discussed above with the firstuser device and/or the second user device, other endpoints in the meshnetwork and the MSP control infrastructure 104 may enable sharing ofnetwork services in the mesh network. For instance, the other endpointsin the mesh network may inform the user devices in the mesh networkabout available network services and may enable one or more user devicesto access an available network service, as discussed elsewhere herein.Additional user devices that enter the mesh network may also set uprespective meshnet connections with the other user devices included inthe mesh network and may enable sharing of network services in the meshnetwork, as discussed elsewhere herein

In this way, the MSP infrastructure and/or the respective applicationsmay enable sharing of network services via existing meshnet connectionsin the mesh network without the user devices installing additionaldedicated network service applications and/or communicating unencryptedinformation/data. As a result, the MSP infrastructure and/or therespective applications may enable efficient utilization of user deviceresources (e.g., processing resources, memory resources, powerconsumption resources, battery life, or the like) and network resources(computational resources, network bandwidth, management resources,processing resources, memory resources, or the like) for performingsuitable tasks associated with enabling network services and/or with themesh network.

As indicated above, FIG. 3 is provided as an example. Other examples maydiffer from what is described with regard to FIG. 3 .

FIG. 4 is an illustration of an example process 400 associated withnetwork services in a mesh network, according to various aspects of thepresent disclosure. In some aspects, the process 400 may be performed bya memory and/or a processor/controller (e.g., processing unit 116,processor 720) associated with a user device/endpoint (e.g., user device102) running a client application. As shown by reference numeral 410,process 400 may include receiving, by a first device from a seconddevice in a mesh network, an access request from the second device toaccess a network service available to the first device, the requestbeing received via a meshnet connection between the first device and thesecond device. For instance, a first device may utilize an associatedcommunication interface (e.g., communication interface 770) along withthe associated memory and/or processor to receive, from a second devicein a mesh network, an access request from the second device to access anetwork service available to the first device, the request beingreceived via a meshnet connection between the first device and thesecond device, as discussed elsewhere herein.

As shown by reference numeral 420, process 400 may include transmitting,by the first device to the second device, access information associatedwith accessing the network service based at least in part on receivingthe access request, the access information being transmitted via themeshnet connection. For instance, a first device may utilize theassociated communication interface, memory, and/or processor totransmitting, by the first device to the second device, accessinformation associated with accessing the network service based at leastin part on receiving the access request, the access information beingtransmitted via the meshnet connection, as discussed elsewhere herein.

Process 400 may include additional aspects, such as any single aspect orany combination of aspects described below and/or in connection with oneor more other processes described elsewhere herein.

In a first aspect, in process 400, receiving the access request includesreceiving the access request in encrypted form; and transmitting theaccess information includes transmitting the access information inencrypted form.

In a second aspect, alone or in combination with the first aspect,process 400 may include transmitting a list of network servicesavailable to the first device to enable the second device to transmitthe access request.

In a third aspect, alone or in combination with the first through secondaspects, process 400 may include receiving, from the second device, aconnection request to authenticate the second device to enable thesecond device to access the network service; and transmitting, to thesecond device, an authentication message indicating a result ofauthenticating the second device.

In a fourth aspect, alone or in combination with the first through thirdaspects, process 400 may include receiving, from the second device viathe meshnet connection, an access command requesting network informationfrom a network resource device associated with the network service; andtransmitting, via the meshnet connection, the network information to thesecond device based at least in part on receiving the networkinformation from the network resource device.

In a fifth aspect, alone or in combination with the first through fourthaspects, process 400 may include transmitting, to a network resourcedevice associated with the network service, an access command requestingnetwork information from the network resource device; and receiving,from the network resource device, the network information based at leastin part on transmitting the access command to the network resourcedevice.

In a sixth aspect, alone or in combination with the first through fifthaspects, process 400 may include receiving, from the second device viathe meshnet connection, process information to be processed by a networkresource device associated with the network service; and transmittingthe process information to the network resource device to enable thenetwork resource device to process the process information.

Although FIG. 4 shows example blocks of the process, in some aspects,the process may include additional blocks, fewer blocks, differentblocks, or differently arranged blocks than those depicted in FIG. 4 .Additionally, or alternatively, two or more of the blocks of the processmay be performed in parallel.

As indicated above, FIG. 4 is provided as an example. Other examples maydiffer from what is described with regard to FIG. 4 .

FIG. 5 is an illustration of an example process 500 associated withnetwork services in a mesh network, according to various aspects of thepresent disclosure. In some aspects, the process 500 may be performed bya memory and/or a processor/controller (e.g., processing unit 116,processor 720) associated with a user device/endpoint (e.g., user device102) running a client application. As shown by reference numeral 510,process 500 may include receiving, by a first device from a seconddevice in a mesh network, a control command from the second device tocontrol operation of a network resource device accessible by the firstdevice, the control command being received via a meshnet connectionbetween the first device and the second device. For instance, a firstuser device may utilize a communication interface (e.g., communicationinterface 770) with the associated memory and/or processor to receive,from a second device in a mesh network, a control command from thesecond device to control operation of a network resource deviceaccessible by the first device, the control command being received via ameshnet connection between the first device and the second device, asdiscussed elsewhere herein.

As shown by reference numeral 520, process 500 may include transmitting,by the first device to the second device, operation informationassociated with operation of the network resource device in accordancewith the control command, the operation information being transmittedvia the meshnet connection. For instance, the first user device mayutilize the associated communication interface, memory, and/or processorto transmit, to the second device, operation information associated withoperation of the network resource device in accordance with the controlcommand, the operation information being transmitted via the meshnetconnection, as discussed elsewhere herein.

Process 500 may include additional aspects, such as any single aspect orany combination of aspects described below and/or in connection with oneor more other processes described elsewhere herein.

In a first aspect, in process 500, receiving the control commandincludes receiving the control command in encrypted form; andtransmitting the operation information includes transmitting theoperation information in encrypted form.

In a second aspect, alone or in combination with the first aspect,process 500 may include receiving, from the second device via themeshnet connection, a connection request to authenticate the seconddevice with a network associated with the network resource device; andtransmitting, to the second device via the meshnet connection, anauthentication message indicating a result of authenticating the seconddevice.

In a third aspect, alone or in combination with the first through secondaspects, process 500 may include receiving, from the second device viathe meshnet connection, an access command requesting network informationindicating information about a function performed by the networkresource device; and transmitting, to the second device via the meshnetconnection, the network information based at least in part on receivingthe access command.

In a fourth aspect, alone or in combination with the first through thirdaspects, process 500 may include transmitting a list of network resourcedevices accessible by the first device to enable the second device tocontrol operation of the network resource device.

In a fifth aspect, alone or in combination with the first through fourthaspects, process 500 may include transmitting a list of network resourcedevices accessible by the first device to enable the second device tocontrol operation of the network resource device, the list beingtransmitted along with a public key associated with the second device toenable the second device to receive the list.

In a sixth aspect, alone or in combination with the first through fifthaspects, process 500 may include transmitting an updated list of networkresource devices to update a previously transmitted list of networkresource devices based at least in part on determining a change innetwork resource devices accessible by the first device.

Although FIG. 5 shows example blocks of the process, in some aspects,the process may include additional blocks, fewer blocks, differentblocks, or differently arranged blocks than those depicted in FIG. 5 .Additionally, or alternatively, two or more of the blocks of the processmay be performed in parallel.

As indicated above, FIG. 5 is provided as an example. Other examples maydiffer from what is described with regard to FIG. 5 .

FIG. 6 is an illustration of an example process 600 associated withnetwork services in a mesh network, according to various aspects of thepresent disclosure. In some aspects, the process 600 may be performed bya memory and/or a processor/controller (e.g., processing unit 116,processor 720) associated with a user device/endpoint (e.g., user device102) running a client application. As shown by reference numeral 610,process 600 may include receiving, by a first device from a seconddevice in a mesh network, message data to be transmitted to acommunication device, the message data being received via a firstmeshnet connection between the first device and the second device. Forinstance, a first user device may utilize an associated communicationinterface (e.g., communication interface 770) along with the associatedmemory and/or processor to receive, from a second device in a meshnetwork, message data to be transmitted to a communication device, themessage data being received via a first meshnet connection between thefirst device and the second device, as discussed elsewhere herein.

As shown by reference numeral 620, process 600 may include transmitting,by the first device to the second device, response data based at leastin part on transmitting the message data to the communication device,the response data being transmitted via the first meshnet connection.For instance, the first user device may utilize the associatedcommunication interface, memory, and/or processor to transmit, to thesecond device, response data based at least in part on transmitting themessage data to the communication device, the response data beingtransmitted via the first meshnet connection, as discussed elsewhereherein.

Process 600 may include additional aspects, such as any single aspect orany combination of aspects described below and/or in connection with oneor more other processes described elsewhere herein.

In a first aspect, in process 600, receiving the message data includesreceiving the message data in encrypted form, the message data beingencrypted utilizing a first symmetric key negotiated between the firstdevice and the second device; and transmitting the response dataincludes transmitting the response data in encrypted form, the responsedata being encrypted utilizing the first symmetric key.

In a second aspect, alone or in combination with the first aspect,process 600 may include decrypting the message data utilizing a firstsymmetric key negotiated between the first device and the second device,and encrypting the response data utilizing the first symmetric key.

In a third aspect, alone or in combination with the first through secondaspects, process 600 may include transmitting the message data to thecommunication device via a second meshnet connection between the firstdevice and the communication device, and receiving the response datafrom the communication device via the second meshnet connection.

In a fourth aspect, alone or in combination with the first through thirdaspects, process 600 may include transmitting the message data to thecommunication device in encrypted form, the message data being encryptedutilizing a second symmetric key negotiated between the first device andthe communication device, and receiving the response data from thecommunication device in encrypted form, the response data beingencrypted utilizing the second symmetric key.

In a fifth aspect, alone or in combination with the first through fourthaspects, process 600 may include encrypting the message data utilizing asecond symmetric key negotiated between the first device and thecommunication device, and decrypting the response data utilizing thesecond symmetric key.

In a sixth aspect, alone or in combination with the first through fifthaspects, process 600 may include transmitting, to the second device, alist of network services available to the first device.

Although FIG. 6 shows example blocks of the process, in some aspects,the process may include additional blocks, fewer blocks, differentblocks, or differently arranged blocks than those depicted in FIG. 6 .Additionally, or alternatively, two or more of the blocks of the processmay be performed in parallel.

As indicated above, FIG. 6 is provided as an example. Other examples maydiffer from what is described with regard to FIG. 6 .

FIG. 7 is an illustration of example devices 700 associated with networkservices in a mesh network, according to various aspects of the presentdisclosure. In some aspects, the example devices 700 may form part of orimplement the systems, servers, environments, infrastructures,components, devices, or the like described elsewhere herein (e.g., MSPcontrol infrastructure, VPN server, etc.) and may be used to performexample processes described elsewhere herein. The example devices 700may include a universal bus 710 communicatively coupling a processor720, a memory 730, a storage component 740, an input component 750, anoutput component 760, and a communication interface 770.

Bus 710 may include a component that permits communication amongmultiple components of a device 700. Processor 720 may be implemented inhardware, firmware, and/or a combination of hardware and software.Processor 720 may take the form of a central processing unit (CPU), agraphics processing unit (GPU), an accelerated processing unit (APU), amicroprocessor, a microcontroller, a digital signal processor (DSP), afield-programmable gate array (FPGA), an application-specific integratedcircuit (ASIC), or another type of processing component. In someaspects, processor 720 may include one or more processors capable ofbeing programmed to perform a function. Memory 730 may include a randomaccess memory (RAM), a read only memory (ROM), and/or another type ofdynamic or static storage device (e.g., a flash memory, a magneticmemory, and/or an optical memory) that stores information and/orinstructions for use by processor 720.

Storage component 740 may store information and/or software related tothe operation and use of a device 700. For example, storage component740 may include a hard disk (e.g., a magnetic disk, an optical disk,and/or a magneto-optic disk), a solid state drive (SSD), a compact disc(CD), a digital versatile disc (DVD), a floppy disk, a cartridge, amagnetic tape, and/or another type of non-transitory computer-readablemedium, along with a corresponding drive.

Input component 750 may include a component that permits a device 700 toreceive information, such as via user input (e.g., a touch screendisplay, a keyboard, a keypad, a mouse, a button, a switch, and/or amicrophone). Additionally, or alternatively, input component 750 mayinclude a component for determining location (e.g., a global positioningsystem (GPS) component) and/or a sensor (e.g., an accelerometer, agyroscope, an actuator, another type of positional or environmentalsensor, and/or the like). Output component 760 may include a componentthat provides output information from device 700 (via, for example, adisplay, a speaker, a haptic feedback component, an audio or visualindicator, and/or the like).

Communication interface 770 may include a transceiver-like component(e.g., a transceiver, a separate receiver, a separate transmitter,and/or the like) that enables a device 700 to communicate with otherdevices, such as via a wired connection, a wireless connection, or acombination of wired and wireless connections. Communication interface770 may permit device 700 to receive information from another deviceand/or provide information to another device. For example, communicationinterface 770 may include an Ethernet interface, an optical interface, acoaxial interface, an infrared interface, a radio frequency (RF)interface, a universal serial bus (USB) interface, a Wi-Fi interface, acellular network interface, and/or the like.

A device 700 may perform one or more processes described elsewhereherein. A device 700 may perform these processes based on processor 720executing software instructions stored by a non-transitorycomputer-readable medium, such as memory 730 and/or storage component740. As used herein, the term “computer-readable medium” may refer to anon-transitory memory device. A memory device may include memory spacewithin a single physical storage device or memory space spread acrossmultiple physical storage devices.

Software instructions may be read into memory 730 and/or storagecomponent 740 from another computer-readable medium or from anotherdevice via communication interface 770. When executed, softwareinstructions stored in memory 730 and/or storage component 740 may causeprocessor 720 to perform one or more processes described elsewhereherein. Additionally, or alternatively, hardware circuitry may be usedin place of or in combination with software instructions to perform oneor more processes described elsewhere herein. Thus, implementationsdescribed herein are not limited to any specific combination of hardwarecircuitry and software.

The quantity and arrangement of components shown in FIG. 7 are providedas an example. In practice, a device 700 may include additionalcomponents, fewer components, different components, or differentlyarranged components than those shown in FIG. 7 . Additionally, oralternatively, a set of components (e.g., one or more components) of adevice 700 may perform one or more functions described as beingperformed by another set of components of a device 700.

As indicated above, FIG. 7 is provided as an example. Other examples maydiffer from what is described with regard to FIG. 7 .

Persons of ordinary skill in the art will appreciate that the aspectsencompassed by the present disclosure are not limited to the particularexemplary aspects described herein. In that regard, althoughillustrative aspects have been shown and described, a wide range ofmodification, change, and substitution is contemplated in the foregoingdisclosure. It is understood that such variations may be made to theaspects without departing from the scope of the present disclosure.Accordingly, it is appropriate that the appended claims be construedbroadly and in a manner consistent with the present disclosure.

The foregoing disclosure provides illustration and description, but isnot intended to be exhaustive or to limit the aspects to the preciseform disclosed. Modifications and variations may be made in light of theabove disclosure or may be acquired from practice of the aspects.

As used herein, the term “component” or “device” is intended to bebroadly construed as hardware, firmware, or a combination of hardwareand software. As used herein, a processor is implemented in hardware,firmware, or a combination of hardware and software.

As used herein, satisfying a threshold may, depending on the context,refer to a value being greater than the threshold, greater than or equalto the threshold, less than the threshold, less than or equal to thethreshold, equal to the threshold, or not equal to the threshold, amongother examples, or combinations thereof.

It will be apparent that systems or methods described herein may beimplemented in different forms of hardware, firmware, or a combinationof hardware and software. The actual specialized control hardware orsoftware code used to implement these systems or methods is not limitingof the aspects. Thus, the operation and behavior of the systems ormethods were described herein without reference to specific softwarecode—it being understood that software and hardware can be designed toimplement the systems or methods based, at least in part, on thedescription herein.

Even though particular combinations of features are recited in theclaims or disclosed in the specification, these combinations are notintended to limit the disclosure of various aspects. In fact, many ofthese features may be combined in ways not specifically recited in theclaims or disclosed in the specification. Although each dependent claimlisted below may directly depend on only one claim, the disclosure ofvarious aspects includes each dependent claim in combination with everyother claim in the claim set. A phrase referring to “at least one of” alist of items refers to any combination of those items, including singlemembers. As an example, “at least one of: a, b, or c” is intended tocover a, b, c, a-b, a-c, b-c, and a-b-c, as well as any combination withmultiples of the same element (for example, a-a, a-a-a, a-a-b, a-a-c,a-b-b, a-c-c, b-b, b-b-b, b-b-c, c-c, and c-c-c or any other ordering ofa, b, and c).

No element, act, or instruction used herein should be construed ascritical or essential unless explicitly described as such. Also, as usedherein, the articles “a” and “an” are intended to include one or moreitems, and may be used interchangeably with “one or more.” Further, asused herein, the article “the” is intended to include one or more itemsreferenced in connection with the article “the” and may be usedinterchangeably with “the one or more.” Furthermore, as used herein, theterm “set” is intended to include one or more items (e.g., relateditems, unrelated items, a combination of related and unrelated items,etc.), and may be used interchangeably with “one or more.” Where onlyone item is intended, the phrase “only one” or similar language is used.Also, as used herein, the terms “has,” “have,” “having,” or the like areintended to be open-ended terms. Further, the phrase “based on” isintended to mean “based, at least in part, on” unless explicitly statedotherwise. Also, as used herein, the term “or” is intended to beinclusive when used in a series and may be used interchangeably with“and/or,” unless explicitly stated otherwise (e.g., if used incombination with “either” or “only one of”).

What is claimed is:
 1. A method, comprising: receiving, by a firstdevice from a second device in a mesh network, a control command fromthe second device to control operation of a network resource deviceaccessible by the first device, the control command being received via ameshnet connection between the first device and the second device andbeing encrypted based at least in part on utilizing a first symmetrickey that (i) is negotiated between the first device and the seconddevice and (ii) is specific to the meshnet connection; and transmitting,by the first device to the second device, operation informationassociated with operation of the network resource device in accordancewith the control command, the operation information being transmittedvia the meshnet connection and being encrypted based at least in part onutilizing the first symmetric key.
 2. The method of claim 1, wherein thenetwork resource device is inaccessible by the second device.
 3. Themethod of claim 1, further comprising: receiving, from the second devicevia the meshnet connection, a connection request to authenticate thesecond device with a network associated with the network resourcedevice; and transmitting, to the second device via the meshnetconnection, an authentication message indicating a result ofauthenticating the second device.
 4. The method of claim 1, furthercomprising: receiving, from the second device via the meshnetconnection, an access command requesting network information indicatinginformation about a function performed by the network resource device;and transmitting, to the second device via the meshnet connection, thenetwork information based at least in part on receiving the accesscommand.
 5. The method of claim 1, further comprising: transmitting alist of network resource devices accessible by the first device toenable the second device to control operation of the network resourcedevice.
 6. The method of claim 1, further comprising: transmitting alist of network resource devices accessible by the first device toenable the second device to control operation of the network resourcedevice, the list being transmitted along with a public key associatedwith the second device to enable the second device to receive the list.7. The method of claim 1, further comprising: transmitting an updatedlist of network resource devices to update a previously transmitted listof network resource devices based at least in part on determining achange in network resource devices accessible by the first device.
 8. Afirst device, comprising: a memory; and a processor communicativelycoupled to the memory, the memory and the processor being configured to:receive, from a second device in a mesh network, a control command fromthe second device to control operation of a network resource deviceaccessible by the first device, the control command being received via ameshnet connection between the first device and the second device andbeing encrypted based at least in part on utilizing a first symmetrickey that (i) is negotiated between the first device and the seconddevice and (ii) is specific to the meshnet connection; and transmit, tothe second device, operation information associated with operation ofthe network resource device in accordance with the control command, theoperation information being transmitted via the meshnet connection andbeing encrypted based at least in part on utilizing the first symmetrickey.
 9. The infrastructure device of claim 8, wherein the networkresource device is inaccessible by the second device.
 10. Theinfrastructure device of claim 8, wherein the memory and the processorare configured to: receive, from the second device via the meshnetconnection, a connection request to authenticate the second device witha network associated with the network resource device; transmit, to thesecond device via the meshnet connection, an authentication messageindicating a result of authenticating the second device.
 11. Theinfrastructure device of claim 8, wherein the memory and the processorare configured to: receive, from the second device via the meshnetconnection, an access command requesting network information indicatinginformation about a function performed by the network resource device;and transmit, to the second device via the meshnet connection, thenetwork information based at least in part on receiving the accesscommand.
 12. The infrastructure device of claim 8, wherein the memoryand the processor are configured to: transmit a list of network resourcedevices accessible by the first device to enable the second device tocontrol operation of the network resource device.
 13. The infrastructuredevice of claim 8, wherein the memory and the processor are configuredto: transmit a list of network resource devices accessible by the firstdevice to enable the second device to control operation of the networkresource device, the list being transmitted along with a public keyassociated with the second device to enable the second device to receivethe list.
 14. The infrastructure device of claim 8, wherein the memoryand the processor are configured to: transmit an updated list of networkresource devices to update a previously transmitted list of networkresource devices based at least in part on determining a change innetwork resource devices accessible by the first device.
 15. Anon-transitory computer-readable medium configured to storeinstructions, which when executed by a processor associated with a firstdevice, cause the processor to: receive, from a second device in a meshnetwork, a control command from the second device to control operationof a network resource device accessible by the first device, the controlcommand being received via a meshnet connection between the first deviceand the second device and being encrypted based at least in part onutilizing a first symmetric key that (i) is negotiated between the firstdevice and the second device and (ii) is specific to the meshnetconnection; and transmit, to the second device, operation informationassociated with operation of the network resource device in accordancewith the control command, the operation information being transmittedvia the meshnet connection and being encrypted based at least in part onutilizing the first symmetric key.
 16. The non-transitorycomputer-readable medium of claim 15, wherein the network resourcedevice is inaccessible by the second device.
 17. The non-transitorycomputer-readable medium of claim 15, wherein the processor isconfigured to: receive, from the second device via the meshnetconnection, a connection request to authenticate the second device witha network associated with the network resource device; transmit, to thesecond device via the meshnet connection, an authentication messageindicating a result of authenticating the second device.
 18. Thenon-transitory computer-readable medium of claim 15, wherein theprocessor is configured to: receive, from the second device via themeshnet connection, an access command requesting network informationindicating information about a function performed by the networkresource device; and transmit, to the second device via the meshnetconnection, the network information based at least in part on receivingthe access command.
 19. The non-transitory computer-readable medium ofclaim 15, wherein the processor is configured to: transmit a list ofnetwork resource devices accessible by the first device to enable thesecond device to control operation of the network resource device. 20.The non-transitory computer-readable medium of claim 15, wherein theprocessor is configured to: transmit a list of network resource devicesaccessible by the first device to enable the second device to controloperation of the network resource device, the list being transmittedalong with a public key associated with the second device to enable thesecond device to receive the list.